Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Backport of [CC-5719] Add support for builtin global-read-only policy into release/1.16.x #18345

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
229 commits
Select commit Hold shift + click to select a range
1e920a7
[OSS] Post Consul 1.16 updates (#17606)
zalimeni Jun 7, 2023
8118aae
Add writeAuditRPCEvent to agent_oss (#17607)
roncodingenthusiast Jun 7, 2023
779647b
Add Envoy and Consul version constraints to Envoy extensions (#17612)
erichaberkorn Jun 8, 2023
9a4f503
[API Gateway] Fix trust domain for external peered services in synthe…
Jun 8, 2023
17f4689
backport ent changes to oss (#17614)
roncodingenthusiast Jun 8, 2023
8598288
Update intentions.mdx (#17619)
lkysow Jun 8, 2023
7ae457c
enterprise changelog update for audit (#17625)
roncodingenthusiast Jun 8, 2023
30e0c23
Update list of Envoy versions (#17546)
zalimeni Jun 9, 2023
3cb7056
[API Gateway] Fix rate limiting for API gateways (#17631)
Jun 9, 2023
ec347ef
sort some imports that are wonky between oss and ent (#17637)
rboyer Jun 9, 2023
5e84674
PmTLS and tproxy improvements with failover and L7 traffic mgmt for k…
trujillo-adam Jun 10, 2023
b1d3ec0
Delete check-legacy-links-format.yml (#17647)
Jun 12, 2023
809c188
docs: Reference doc updates for permissive mTLS settings (#17371)
Jun 12, 2023
baaf6d8
Add generic experiments configuration and use it to enable catalog v2…
mkeeler Jun 12, 2023
1074252
api-gateway: stop adding all header filters to virtual host when gene…
nathancoleman Jun 12, 2023
f8d3721
fix: add agent info reporting log (#17654)
JadhavPoonam Jun 12, 2023
862e78f
Add new Consul 1.16 docs (#17651)
im2nguyen Jun 12, 2023
c04c122
Default `ProxyType` for builtin extensions (#17657)
cthain Jun 12, 2023
446a640
Post 1.16.0-rc1 updates (#17663)
zalimeni Jun 12, 2023
290ba0e
Update service-defaults.mdx (#17656)
ramramhariram Jun 12, 2023
ef77f9a
docs: Sameness Groups (#17628)
boruszak Jun 12, 2023
c384f24
Remove "BETA" marker from config entries (#17670)
Jun 12, 2023
27206d9
CAPIgw for K8s installation updates for 1.16 (#17627)
trujillo-adam Jun 12, 2023
b678742
additional feedback on API gateway upgrades (#17677)
trujillo-adam Jun 12, 2023
66704e5
docs: JWT Authorization for intentions (#17643)
boruszak Jun 12, 2023
37a13dc
docs: minor fixes to JWT auth docs (#17680)
boruszak Jun 12, 2023
28d81ec
Fix two WAL metrics in docs/agent/telemetry.mdx (#17593)
Jun 12, 2023
0ddafcf
updated failover for k8s w-tproxy page title (#17683)
trujillo-adam Jun 13, 2023
3a8fc61
Add release notes 1.16 rc (#17665)
im2nguyen Jun 13, 2023
421e9d8
fix release notes links (#17687)
im2nguyen Jun 13, 2023
11764a4
adding redirects for tproxy and envoy extensions (#17688)
trujillo-adam Jun 13, 2023
4b843ae
Fix FIPS copy (#17691)
im2nguyen Jun 13, 2023
d54d5fb
[NET-4107][Supportability] Log Level set to TRACE and duration set to…
absolutelightning Jun 13, 2023
a8f1350
ENT merge of ext-authz extension updates (#17684)
cthain Jun 13, 2023
ddce431
docs: Update default values for Envoy extension proxy types (#17676)
cthain Jun 13, 2023
bba5cd8
fix: stop peering delete routine on leader loss (#17483)
DanStough Jun 13, 2023
0a1efe7
Refactor disco chain prioritize by locality structs (#17696)
erichaberkorn Jun 13, 2023
72f991d
agent: remove agent cache dependency from service mesh leaf certifica…
rboyer Jun 13, 2023
0c15748
[core]: Pin github action workflows (#17695)
curtbushko Jun 13, 2023
d497623
docs: missing changelog for _5517 (#17706)
DanStough Jun 13, 2023
ab909b4
add enterprise notes for IP-based rate limits (#17711)
trujillo-adam Jun 13, 2023
28647ef
Update compatibility.mdx (#17713)
Jun 13, 2023
9acbe76
Remove extraneous version info for Config entries (#17716)
Jun 13, 2023
8d9f2eb
fix: typo in link to section (#17527)
tcraxs Jun 14, 2023
212e090
Bump Alpine to 3.18 (#17719)
Jun 14, 2023
6a90c23
NET-1825: New ACL token creation docs (#16465)
Jun 14, 2023
fa40654
[NET-3865] [Supportability] Additional Information in the output of '…
absolutelightning Jun 14, 2023
9289e68
OSS merge: Update error handling login when applying extensions (#17740)
cthain Jun 14, 2023
abb05de
Bump atlassian/gajira-transition from 3.0.0 to 3.0.1 (#17741)
dependabot[bot] Jun 14, 2023
7ab287c
Add truncation to body (#17723)
chapmanc Jun 14, 2023
a633347
docs: Failover overview minor fix (#17743)
boruszak Jun 14, 2023
37bd0e1
docs - update Envoy and Dataplane compat matrix (#17752)
Jun 15, 2023
0994ccf
validate localities on agent configs and registration endpoints (#17712)
erichaberkorn Jun 15, 2023
fdde92c
Updated docs added explanation. (#17751)
absolutelightning Jun 15, 2023
0e9a012
Update index.mdx (#17749)
lkysow Jun 15, 2023
7dec75f
added redirects and updated links (#17764)
trujillo-adam Jun 15, 2023
8c74a1d
Add transparent proxy enhancements changelog (#17757)
hashi-derek Jun 15, 2023
ad0a277
docs - remove use of consul leave during upgrade instructions (#17758)
jmurret Jun 15, 2023
04edace
Fix issue with streaming service health watches. (#17775)
hashi-derek Jun 15, 2023
f9aa7ae
Property Override validation improvements (#17759)
zalimeni Jun 15, 2023
414a61d
Fixes (#17765)
boruszak Jun 15, 2023
730c599
Update license get explanation (#17782)
markcampv Jun 15, 2023
265c003
Add Patch index to Prop Override validation errors (#17777)
zalimeni Jun 16, 2023
5f95f5f
Stop referenced jwt providers from being deleted (#17755)
roncodingenthusiast Jun 16, 2023
653a886
Implement a Catalog Controllers Lifecycle Integration Test (#17435)
mkeeler Jun 16, 2023
5352ccf
HCP Add node id/name to config (#17750)
chapmanc Jun 16, 2023
37636ea
Catalog V2 Container Based Integration Test (#17674)
mkeeler Jun 16, 2023
00c8575
Fix Docs for Trails Leader By (#17763)
absolutelightning Jun 17, 2023
18b1555
Improve Prop Override docs examples (#17799)
zalimeni Jun 20, 2023
d2363eb
Test permissive mTLS filter chain not configured with tproxy disabled…
Jun 20, 2023
6d39328
Add documentation for remote debugging of integration tests. (#17800)
jmurret Jun 20, 2023
e4c9793
Clarify limitations of Prop Override extension (#17801)
zalimeni Jun 20, 2023
2a94ffa
Fix formatting for webhook-certs Consul tutorial (#17810)
stevenzamborsky Jun 20, 2023
ee95bc7
Add jwt-authn metrics to jwt-provider docs (#17816)
roncodingenthusiast Jun 20, 2023
f17b7f3
Change URLs for redirects from RC to default latest (#17822)
trujillo-adam Jun 20, 2023
500dcb1
Set GOPRIVATE for all hashicorp repos in CI (#17817)
zalimeni Jun 21, 2023
a3ba559
Make locality aware routing xDS changes (#17826)
erichaberkorn Jun 21, 2023
d0797c4
Fixup consul-container/test/debugging.md (#17815)
zalimeni Jun 21, 2023
82441a2
fixes #17732 - AccessorID in request body should be optional when upd…
gbolo Jun 21, 2023
a4653de
CA provider doc updates and Vault provider minor update (#17831)
Jun 21, 2023
366bd6f
ext-authz Envoy extension: support `localhost` as a valid target URI.…
cthain Jun 21, 2023
1864874
CI Updates (#17834)
mkeeler Jun 22, 2023
b782f2e
counter part of ent pr (#17618)
wangxinyi7 Jun 22, 2023
f16c5d8
watch: support -filter for consul watch: checks, services, nodes, ser…
huikang Jun 23, 2023
1f63671
Trigger OSS => ENT merge for all release branches (#17853)
nathancoleman Jun 23, 2023
2e2cbc1
Update service-mesh.mdx (#17845)
cn0047 Jun 23, 2023
94eb36b
Add docs for sameness groups with resolvers. (#17851)
hashi-derek Jun 23, 2023
5244ede
docs: add note about path prefix matching behavior for HTTPRoute conf…
nathancoleman Jun 23, 2023
d5d3a3d
docs: update upgrade to consul-dataplane docs on k8s (#17852)
ishustava Jun 23, 2023
48445df
resource: add `AuthorizerContext` helper method (#17393)
boxofrad Jun 26, 2023
b117eb0
resource: enforce consistent naming of resource types (#17611)
boxofrad Jun 26, 2023
ce24646
tooling: generate protoset file (#17364)
boxofrad Jun 26, 2023
33a2d90
Fix a bug that wrongly trims domains when there is an overlap with DC…
shamil Jun 26, 2023
8e02a0e
deps: aws-sdk-go v1.44.289 (#17876)
loshz Jun 26, 2023
e552e3d
api-gateway: add operation cannot be fulfilled error to common errors…
sarahalsmiller Jun 26, 2023
08c5048
api-gateway: add step to upgrade instructions for creating intentions…
nathancoleman Jun 26, 2023
a96a9e7
Changelog - add 1.13.9, 1.14.8, and 1.15.4 (#17889)
jmurret Jun 27, 2023
6bc2222
docs: update config enable_debug (#17866)
nvanthao Jun 27, 2023
601490b
Update wording on WAN fed and intermediate_pki_path (#17850)
Jun 27, 2023
767ef2d
Allow service identity tokens the ability to read jwt-providers (#17893)
roncodingenthusiast Jun 27, 2023
c8cfa60
Update docs (#17476)
mr-miles Jun 27, 2023
55056be
Add emit_tags_as_labels to envoy bootstrap config when using Consul T…
Jun 27, 2023
abeeea1
Fix command from kg to kubectl get (#17903)
lkysow Jun 27, 2023
1c819e6
Create and update release notes for 1.16 and 1.2 (#17895)
im2nguyen Jun 27, 2023
b76c4d7
Propose new changes to APIgw upgrade instructions (#17693)
im2nguyen Jun 27, 2023
3368f14
Add workflow to verify linux release packages (#17904)
jmurret Jun 27, 2023
f787088
Reference hashicorp/consul instead of consul for Docker image (#17914)
nathancoleman Jun 27, 2023
310bc68
Update Consul K8s Upgrade Doc Updates (#17921)
natemollica-nm Jun 27, 2023
6f5da97
Update sameness-group.mdx (#17915)
Jun 28, 2023
b168132
Update create-sameness-groups.mdx (#17927)
Jun 28, 2023
7dbba6c
deps: coredns v1.10.1 (#17912)
loshz Jun 28, 2023
67a239a
Ensure RSA keys are at least 2048 bits in length (#17911)
jm96441n Jun 28, 2023
f019457
tlsutil: Fix check TLS configuration (#17481)
beautifulentropy Jun 28, 2023
6f660e5
docs: Deprecations for connect-native SDK and specific connect native…
Jun 28, 2023
bdf4fad
Revert "Add workflow to verify linux release packages (#17904)" (#17942)
jmurret Jun 28, 2023
1b1f33f
Fixes Secondary ConnectCA update (#17846)
Ranjandas Jun 29, 2023
a60b363
fixing typo in link to jwt-validations-with-intentions doc (#17955)
jm96441n Jun 29, 2023
85b78fe
Fix streaming backend link (#17958)
Jun 29, 2023
1512ea3
Dynamically create jwks clusters for jwt-providers (#17944)
roncodingenthusiast Jun 29, 2023
f7305b2
website: remove deprecated agent rpc docs (#17962)
loshz Jun 29, 2023
2736e64
Fix missing BalanceOutboundConnections in v2 catalog. (#17964)
hashi-derek Jun 29, 2023
2af6bc4
feature - [NET - 4005] - [Supportability] Reloadable Configuration -…
absolutelightning Jun 30, 2023
5b7f360
Fix formatting codeblocks on APIgw docs (#17970)
im2nguyen Jun 30, 2023
50a9d1b
Remove POC code (#17974)
Jun 30, 2023
9ce89c4
update doc (#17910)
wangxinyi7 Jun 30, 2023
0b1299c
Remove duplicate and unused newDecodeConfigEntry func (#17979)
cthain Jun 30, 2023
f096fc5
docs: samenessGroup YAML examples (#17984)
boruszak Jun 30, 2023
df85dd8
Add changelog entry for 1.16.0 (#17987)
nathancoleman Jun 30, 2023
dc6ea1b
Fix typo (#17198)
evanphx Jul 1, 2023
8039427
Expose JWKS cluster config through JWTProviderConfigEntry (#17978)
roncodingenthusiast Jul 4, 2023
4f0bdd3
Integration test for ext-authz Envoy extension (#17980)
cthain Jul 4, 2023
0094dbf
Fix incorrect protocol for transparent proxy upstreams. (#17894)
hashi-derek Jul 5, 2023
8af4ad1
feat: include nodes count in operator usage endpoint and cli command …
JadhavPoonam Jul 5, 2023
b94095d
[OSS] Improve Gateway Test Coverage of Catalog Health (#18011)
DanStough Jul 5, 2023
7f3446e
Fixes Traffic rate limitting docs (#17997)
Ranjandas Jul 5, 2023
2c2e628
Fix removed service-to-service peering links (#17221)
karras Jul 5, 2023
7ef807d
docs: Sameness "beta" warning (#18017)
boruszak Jul 5, 2023
548829a
updated typo in tab heading (#18022)
trujillo-adam Jul 5, 2023
7689a5e
Document that DNS lookups can target cluster peers (#17990)
jcjones Jul 5, 2023
ada3938
Add first integration test for jwt auth with intention (#18005)
roncodingenthusiast Jul 6, 2023
f7d399f
fix stand-in text for name field (#18030)
trujillo-adam Jul 6, 2023
820cdbb
removed sameness conf entry from failover nav (#18033)
trujillo-adam Jul 6, 2023
85f2ae0
docs - add service sync annotations and k8s service weight annotation…
Jul 6, 2023
b9a6a74
docs - add jobs use case for service mesh k8s (#18037)
Jul 7, 2023
b0a2e33
address feedback (#18045)
Jul 7, 2023
f4b0804
Add verify server hostname to tls default (#17155)
fulviodenza Jul 10, 2023
1b08626
[OSS] Fix initial_fetch_timeout to wait for all xDS resources (#18024)
DanStough Jul 10, 2023
7decc30
ui: fix typos for peer service imports (#17999)
krastin Jul 11, 2023
da79997
test: fix FIPS inline cert test message (#18076)
DanStough Jul 11, 2023
a30ba33
Fix a couple typos in Agent Telemetry Metrics docs (#18080)
Jul 11, 2023
bfb9212
docs updates - cluster peering and virtual services (#18069)
Jul 11, 2023
0e58c89
Update service-mesh-compare.mdx (#17279)
david3a Jul 11, 2023
bd5af7f
Update helm docs on main (#18085)
curtbushko Jul 11, 2023
3dc6f8f
ci: use gotestsum v1.10.1 [NET-4042] (#18088)
nfi-hashicorp Jul 12, 2023
51d8eb8
Docs: Update proxy lifecycle annotations and consul-dataplane flags (…
curtbushko Jul 12, 2023
f472164
Pass configured role name to Vault for AWS auth in Connect CA (#17885)
t-davies Jul 12, 2023
ebfed56
Docs for dataplane upgrade on k8s (#18051)
lkysow Jul 12, 2023
f51a9d2
docs - update upgrade index page to not recommend consul leave. (#18100)
jmurret Jul 12, 2023
2f20c77
Displays Consul version of each nodes in UI nodes section (#17754)
vijayraghav-io Jul 12, 2023
d1f5d9b
api gw 1.16 updates (#18081)
eddie-rowe Jul 12, 2023
3b3aa1f
[NET-4103] ci: build s390x (#18067)
loshz Jul 12, 2023
efe9816
:ermahgerd "Sevice Mesh" -> "Service Mesh" (#18116)
nv-hashi Jul 13, 2023
c328ba8
Split pbmesh.UpstreamsConfiguration as a resource out of pbmesh.Upstr…
ishustava Jul 13, 2023
a2c6953
[NET-4895] ci - api tests and consul container tests error because of…
jmurret Jul 13, 2023
68863b4
Add ingress gateway deprecation notices to docs (#18102)
Jeff-Apple Jul 13, 2023
2229206
Add docs for jwt cluster configuration (#18004)
roncodingenthusiast Jul 14, 2023
ad6364a
Docs: fix unmatched bracket for health checks page (#18134)
huikang Jul 14, 2023
5208ea9
NET-4657/add resource service client (#18053)
JadhavPoonam Jul 14, 2023
747a4c7
Fix bug with Vault CA provider (#18112)
Jul 14, 2023
5af7390
[NET-4897] net/http host header is now verified and request.host that…
jmurret Jul 14, 2023
691bc96
add a conditional around setting LANFilter.AllSegments to make sure i…
jmurret Jul 14, 2023
05b665e
chore: bump upgrade integrations tests to 1.15, 116 [NET-4743] (#18130)
nfi-hashicorp Jul 14, 2023
e719478
re org resource type registry (#18133)
wangxinyi7 Jul 15, 2023
5930518
fix: update delegateMock used in ENT (#18149)
JadhavPoonam Jul 17, 2023
bcc6a9d
Use JWT-auth filter in metadata mode & Delegate validation to RBAC fi…
roncodingenthusiast Jul 17, 2023
f7c5ba5
Support Consul Connect Envoy Command on Windows (#17694)
absolutelightning Jul 17, 2023
e52ea0e
Change docs to say 168h instead of 7d for server_rejoin_age_max (#18154)
Jul 17, 2023
33d898b
[OSS] test: improve xDS listener code coverage (#18138)
DanStough Jul 17, 2023
03cf37e
Re-order expected/actual for assertContainerState in consul container…
roncodingenthusiast Jul 17, 2023
07fce86
group and document make file (#17943)
wangxinyi7 Jul 17, 2023
6200536
Add `testing/deployer` (neé `consul-topology`) [NET-4610] (#17823)
nfi-hashicorp Jul 17, 2023
9214457
[NET-4792] Add integrations tests for jwt-auth (#18169)
roncodingenthusiast Jul 18, 2023
548a5ca
Add FIPS reference to consul enterprise docs (#18028)
im2nguyen Jul 18, 2023
cd3fc9e
add peering_commontopo tests [NET-3700] (#17951)
nfi-hashicorp Jul 18, 2023
2e326e2
docs - remove Sentinel from enterprise features list (#18176)
Jul 19, 2023
29cdb75
[NET-4865] Bump golang.org/x/net to 0.12.0 (#18186)
zalimeni Jul 19, 2023
003370d
Call resource mutate hook before validate hook (NET-4907) (#18178)
analogue Jul 19, 2023
e8dd04d
[NET-4865] security: Update Go version to 1.20.6 (#18190)
zalimeni Jul 19, 2023
18bc041
Improve XDS test coverage: JWT auth edition (#18183)
roncodingenthusiast Jul 19, 2023
271e5af
update readme.md (#18191)
NiniOak Jul 19, 2023
72999bb
Update submodules to latest following 1.16.0 (#18197)
zalimeni Jul 19, 2023
1ef5dfc
SEC-090: Automated trusted workflow pinning (2023-07-18) (#18174)
hashicorp-tsccr[bot] Jul 19, 2023
1c7fcdf
Fix Backport Assistant PR commenting (#18200)
zalimeni Jul 20, 2023
ada767f
resource: Pass resource to Write ACL hook instead of just resource Id…
analogue Jul 20, 2023
2c5a09b
Explicitly enable WebSocket upgrades (#18150)
blake Jul 20, 2023
5cd2876
docs: fix the description of client rpc (#18206)
huikang Jul 20, 2023
7e6ce76
NET-4804: Add dashboard for monitoring consul-k8s (#18208)
huikang Jul 20, 2023
2793761
[OSS] Improve xDS Code Coverage - Clusters (#18165)
DanStough Jul 20, 2023
c2066b9
NET-4222 take config file consul container (#18218)
huikang Jul 21, 2023
47d445d
Envoy Integration Test Windows (#18007)
absolutelightning Jul 21, 2023
926db9c
fix typos and update ecs compat table (#18215)
trujillo-adam Jul 21, 2023
c932d79
[OSS] proxystate: add proxystate protos (#18216)
ndhanushkodi Jul 21, 2023
7e01fcf
ci: don't verify s390x (#18224)
loshz Jul 21, 2023
6671d7e
[CC-5718] Remove HCP token requirement during bootstrap (#18140)
jjacobson93 Jul 21, 2023
c138f24
[NET-4122] Doc guidance for federation with externalServers (#18207)
zalimeni Jul 21, 2023
8e3a1dd
[OSS] Improve xDS Code Coverage - Endpoints and Misc (#18222)
DanStough Jul 21, 2023
7ce539e
Clarify license reporting timing and GDPR compliance (#18237)
judithpatudith Jul 21, 2023
2b0d64e
Fix Github Workflow File (#18241)
absolutelightning Jul 22, 2023
a11dba7
NET-4996 - filter go-tests and test-integration workflows from runnin…
jmurret Jul 23, 2023
8b46bac
Align build arch matrix with enterprise (#18235)
zalimeni Jul 24, 2023
639210e
Revert "NET-4996 - filter go-tests and test-integration workflows fro…
jmurret Jul 24, 2023
efb45fe
resource: Add scope to resource type registration [NET-4976] (#18214)
analogue Jul 24, 2023
b162c51
Fix some inconsistencies in jwt docs (#18234)
jm96441n Jul 24, 2023
b7cdd18
NET-1825: More new ACL token creation docs (#18063)
Jul 24, 2023
8244dc7
[CC-5719] Add support for builtin global-read-only policy
jjacobson93 Jul 26, 2023
4a376a6
Add changelog
jjacobson93 Jul 28, 2023
75552a9
Add read-only to docs
jjacobson93 Jul 28, 2023
209e57a
Fix some minor issues.
jjacobson93 Jul 31, 2023
aad0946
Change from ReplaceAll to Sprintf
jjacobson93 Jul 31, 2023
96b0861
Change IsValidPolicy name to return an error instead of bool
jjacobson93 Jul 31, 2023
495162f
Fix PolicyList test
jjacobson93 Jul 31, 2023
d54e3a9
Fix other tests
jjacobson93 Jul 31, 2023
9878915
Apply suggestions from code review
jjacobson93 Jul 31, 2023
7b5077d
Fix state store test for policy list.
jjacobson93 Jul 31, 2023
2a6a531
Fix naming issues
jjacobson93 Jul 31, 2023
d63fa54
Update acl/validation.go
jjacobson93 Jul 31, 2023
94fea7a
backport of commit d63fa5481dc02c6faae7cc2647b4073b3286af1d
jjacobson93 Jul 31, 2023
786683e
Merge d63fa5481dc02c6faae7cc2647b4073b3286af1d into backport/jer/read…
hc-github-team-consul-core Aug 1, 2023
4e66203
backport of commit 3d099a6ed8ed10b6dc464c466cb1668914db8f08
jjacobson93 Aug 1, 2023
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
3 changes: 3 additions & 0 deletions .changelog/13023.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
ui: the topology view now properly displays services with mixed connect and non-connect instances.
```
3 changes: 3 additions & 0 deletions .changelog/17075.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
agent: remove agent cache dependency from service mesh leaf certificate management
```
3 changes: 3 additions & 0 deletions .changelog/17160.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
Fix a bug that wrongly trims domains when there is an overlap with DC name.
```
3 changes: 3 additions & 0 deletions .changelog/17483.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
peering: Fix a bug that caused server agents to continue cleaning up peering resources even after loss of leadership.
```
3 changes: 3 additions & 0 deletions .changelog/17546.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
connect: update supported envoy versions to 1.23.10, 1.24.8, 1.25.7, 1.26.2
```
3 changes: 3 additions & 0 deletions .changelog/17565.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:feature
reloadable config: Made enable_debug config reloadable and enable pprof command to work when config toggles to true
```
3 changes: 3 additions & 0 deletions .changelog/17582.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:feature
cli: `consul operator raft list-peers` command shows the number of commits each follower is trailing the leader by to aid in troubleshooting.
```
3 changes: 3 additions & 0 deletions .changelog/17596.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
debug: change default setting of consul debug command. now default duration is 5ms and default log level is 'TRACE'
```
4 changes: 4 additions & 0 deletions .changelog/17609.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
```release-note:bug
gateways: Fixed a bug in API gateways where binding a route that only targets a service imported from a peer results
in the programmed gateway having no routes.
```
3 changes: 3 additions & 0 deletions .changelog/17631.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
gateways: Fixed a bug where API gateways were not being taken into account in determining xDS rate limits.
```
3 changes: 3 additions & 0 deletions .changelog/17719.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:security
Bump Dockerfile base image to `alpine:3.18`.
```
3 changes: 3 additions & 0 deletions .changelog/17739.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
http: fixed API endpoint `PUT /acl/token/:AccessorID` (update token), no longer requires `AccessorID` in the request body. Web UI can now update tokens.
```
3 changes: 3 additions & 0 deletions .changelog/17754.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:feature
ui: consul version is displayed in nodes list with filtering and sorting based on versions
```
3 changes: 3 additions & 0 deletions .changelog/17755.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
mesh: Stop jwt providers referenced by intentions from being deleted.
```
3 changes: 3 additions & 0 deletions .changelog/17757.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
connect: Improve transparent proxy support for virtual services and failovers.
```
3 changes: 3 additions & 0 deletions .changelog/17759.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
extensions: Improve validation and error feedback for `property-override` builtin Envoy extension
```
3 changes: 3 additions & 0 deletions .changelog/17775.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
connect: Fix issue where changes to service exports were not reflected in proxies.
```
3 changes: 3 additions & 0 deletions .changelog/17780.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:feature
cli: `consul watch` command uses `-filter` expression to filter response from checks, services, nodes, and service.
```
3 changes: 3 additions & 0 deletions .changelog/17846.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
connect/ca: Fixes a bug preventing CA configuration updates in secondary datacenters
```
2 changes: 2 additions & 0 deletions .changelog/17885.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
```release-note:bug
ca: Fixed a bug where the Vault provider was not passing the configured role param for AWS auth
3 changes: 3 additions & 0 deletions .changelog/17888.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
connect: Add capture group labels from Envoy cluster FQDNs to Envoy exported metric labels
```
3 changes: 3 additions & 0 deletions .changelog/17894.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
connect: Fix incorrect protocol config merging for transparent proxy implicit upstreams.
```
4 changes: 4 additions & 0 deletions .changelog/17911.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
```release-note:bug
gateway: Fixes a bug where envoy would silently reject RSA keys that are smaller than 2048 bits,
we now reject those earlier in the process when we validate the certificate.
```
4 changes: 4 additions & 0 deletions .changelog/17939.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
```release-note:improvement
http: GET API `operator/usage` endpoint now returns node count
cli: `consul operator usage` command now returns node count
```
3 changes: 3 additions & 0 deletions .changelog/17978.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
mesh: Expose remote jwks cluster configuration through jwt-provider config entry
```
4 changes: 4 additions & 0 deletions .changelog/18011.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
```release-note:bug
connect: Removes the default health check from the `consul connect envoy` command when starting an API Gateway.
This health check would always fail.
```
3 changes: 3 additions & 0 deletions .changelog/18024.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
connect: fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration.
```
3 changes: 3 additions & 0 deletions .changelog/18068.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
xds: Prevent partial application of non-Required Envoy extensions in the case of failure.
```
3 changes: 3 additions & 0 deletions .changelog/18080.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
Fix some typos in metrics docs
```
3 changes: 3 additions & 0 deletions .changelog/18112.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
ca: Fixes a Vault CA provider bug where updating RootPKIPath but not IntermediatePKIPath would not renew leaf signing certificates
```
3 changes: 3 additions & 0 deletions .changelog/18140.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
hcp: Removes requirement for HCP to provide a management token
```
3 changes: 3 additions & 0 deletions .changelog/18150.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
xds: Explicitly enable WebSocket connection upgrades in HTTP connection manager
```
3 changes: 3 additions & 0 deletions .changelog/18184.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
api: Fix client deserialization errors by marking new Enterprise-only prepared query fields as omit empty
```
3 changes: 3 additions & 0 deletions .changelog/18186.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:security
Upgrade golang.org/x/net to address [CVE-2023-29406](https://nvd.nist.gov/vuln/detail/CVE-2023-29406)
```
5 changes: 5 additions & 0 deletions .changelog/18190.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
```release-note:security
Upgrade to use Go 1.20.6.
This resolves [CVE-2023-29406](https://github.com/advisories/GHSA-f8f7-69v5-w4vx)(`net/http`) for uses of the standard library.
A separate change updates dependencies on `golang.org/x/net` to use `0.12.0`.
```
3 changes: 3 additions & 0 deletions .changelog/18223.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:feature
cli: `consul members` command uses `-filter` expression to filter members based on bexpr.
```
3 changes: 3 additions & 0 deletions .changelog/18291.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
api-gateway: fix race condition in proxy config generation when Consul is notified of the bound-api-gateway config entry before it is notified of the api-gateway config entry.
```
3 changes: 3 additions & 0 deletions .changelog/18303.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
connect: update supported envoy versions to 1.23.12, 1.24.10, 1.25.9, 1.26.4
```
6 changes: 6 additions & 0 deletions .changelog/18319.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
```release-note:improvement
acl: added builtin ACL policy that provides global read-only access (builtin/global-read-only)
```
```release-note:improvement
acl: allow for a single slash character in policy names
```
3 changes: 3 additions & 0 deletions .changelog/18325.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
mesh: **(Enterprise Only)** Require that `jwt-provider` config entries are created in the `default` namespace.
```
3 changes: 3 additions & 0 deletions .changelog/_5517.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
namespaces: **(Enterprise only)** fixes a bug where agent health checks stop syncing for all services on a node if the namespace of any service has been removed from the server.
```
4 changes: 4 additions & 0 deletions .changelog/_5614.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
```release-note:bug
namespaces: **(Enterprise only)** fixes a bug where namespaces are stuck in a deferred deletion state indefinitely under some conditions.
Also fixes the Consul query metadata present in the HTTP headers of the namespace read and list endpoints.
```
3 changes: 3 additions & 0 deletions .changelog/_5669.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
audit-logging: **(Enterprise only)** enable error response and request body logging
```
3 changes: 3 additions & 0 deletions .changelog/_5740.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:feature
api: (Enterprise only) Add `POST /v1/operator/audit-hash` endpoint to calculate the hash of the data used by the audit log hash function and salt.
```
3 changes: 3 additions & 0 deletions .changelog/_5750.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:feature
cli: (Enterprise only) Add a new `consul operator audit hash` command to retrieve and compare the hash of the data used by the audit log hash function and salt.
```
3 changes: 3 additions & 0 deletions .changelog/_5805.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:security
audit-logging: **(Enterprise only)** limit `v1/operator/audit-hash` endpoint to ACL token with `operator:read` privileges.
```
2 changes: 1 addition & 1 deletion .github/workflows/backport-assistant.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,4 +40,4 @@ jobs:
curl -s -H "Authorization: token ${{ secrets.PR_COMMENT_TOKEN }}" \
-X POST \
-d "{ \"body\": \"${github_message}\"}" \
"https://api.github.com/repos/${GITHUB_REPOSITORY}/pull/${{ github.event.pull_request.number }}/comments"
"https://api.github.com/repos/${GITHUB_REPOSITORY}/issues/${{ github.event.pull_request.number }}/comments"
29 changes: 0 additions & 29 deletions .github/workflows/backport-reminder.yml

This file was deleted.

Loading